« Back to article | Print this article |
Many experts feel that it was time the private sector was roped in to fight this battle as the number of cases appear to be going up each day, writes Vicky Nanjappa.
There was always a big question mark over India's handling of cyber security. India was considered to be ill-equipped and slow when it came to tracking cyber crimes and now with the world waking up to this threat, it was time that even India did something.
The Government of India in association with the private sector has decided to undertake a five year programme in which nearly 500,000 personnel would be trained to help India fight cyber war.
Many experts feel that it was time the private sector was roped in to fight this battle as the number of cases appear to be going up each day and the detection rate has been more than pathetic.
Statistics indicate that in the past year nearly 42 million Indians were hit by cyber crimes and India stands at the third position of affected nations. India clearly needs at least five ethical hackers who are protected by the government. Hence this initiative by the government is being seen as a welcome move.
Apart from training personnel, India also would have to stop considering ethical hacking a taboo. In addition to the training that is being imparted the Indian establishment would also have to coordinate well with private enterprises providing ethical hackers.
To add to this we also need to up the awareness levels, the experts also feel.
Click on NEXT for more...
The intervention of the private sector into the cyber crime wing of the police departments is something that has been taking place since 2001.
When cyber crime police stations were set up almost ten years back, the police did seek the expertise of professionals from major IT firms who were more than ready to help.
In addition to this a team of police known as the Detective Inspectors was also created. This was a team which was meant to specialise in cracking cyber crime related cases. They were to be trained by IT professionals and this team was supposed to remain in the department which would mean there would be no transfer of the officers.
Each wing of the cyber crime police station would have 12 detective inspectors and they were supposed to remain there until their retirement with no transfers. Apart from solving cases, they were also assigned with the role of training the newer officers and then roping them into the wing.
However over the years, this system failed miserably. The inspectors did not find the job challenging and the private sector too started to back out. Many ethical hackers complained that they did not have the protection.
There were unwritten laws regarding their safety and protection, but that was not good enough as they were dealing with a dangerous subject.
Click on NEXT for more...
The police then started relying on techies on a case to case basis. In Kollam (in Kerala), an inspector informed that they usually hire the services of a firm based out of India when the need arises.
While this was helpful to a certain extent, there was a time lag since these persons were working on a request basis. The police say that they need dedicated staff so that these persons could work longer on the case.
The need of the hour is a committed force since the enemy nations we deal with where cyber warfare is concerned are extremely dangerous. We face our biggest threats from China and Pakistan and in order to counter their forces we need a strong team on hand.
Not only do we need cyber experts to fight crimes committed in India, but there is a need to safeguard our interests in other parts of the world as well. The cyber criminals apart from attacking our data also target our establishments in other countries.
In the year 2010, it was revealed that China was trying to hack into our systems in Kabul, Dubai, US, Serbia, Moscow and also the United Kingdom.
Click on NEXT for more...
The new cyber security policy which emerges out of a report known as "Engagement with Private Sector on Cyber Security" mandates cyber security audits for companies. This would ensure that a greater deal of participation from the private sector.
In addition to this the report also recommends that training is provided to law enforcement agencies by the private sector and also the establishment of an Institute of Cyber Security Professionals of India for security testing and auditing of cyber threats.
Anand Naik managing director - sales, India and SAARC, Symantec Corporation says that Public - private partnership on cyber security has improved information exchange and cooperation. Due to the evolution of cyber threat landscape there is a significant focus on security in terms of investment by the government.
The Indian government has clearly identified the importance of cyber security as a strategic consideration. India has realized the linkage between broadband on one hand and security challenges and the importance of a national cyber security strategy. Today's sophisticated threats require a layered approach to security, encompassing security, disaster recovery, along with information management to protect information irrespective of where it resides."
According to Mohan Gandhi, an Indian Institute of Management Ahmedabad graduate and cyber security expert, the growing dependency on the internet makes it necessary for governments to invest in cyber education through inclusion of IT security in college curriculum at an early level. Having good practical cyber security curriculum stops cyber crimes at the root level.
Click on NEXT for more...
Awareness:
Many in the security establishment would point out that there is a limit up to which the government can do. In order to fight a crime of any nature, there is a need for the public to be aware of the threat.
Nearly 60 per cent of the Internet population in India are unaware of cyber threats and more often than not they do not realise when their systems are being compromised.
A survey that was conducted by O+K Research, a Russian based firm revealed that users who don't clearly understand the level of risk presented by the malware landscape may not fully understand the need for proper security software.
Nearly half of PC users and laptop owners (except for Apple products) think their data is relatively safe. 8.5 per cent of respondents are sure their computer or laptop does not need any additional protection.
In addition to the regular threats that users face on a day to day basis, India has bigger worries on hand as well. The recent Assam exodus that took place as a result of a bulk SMS campaign was nothing short of a cyber war.
India blamed Pakistan for generating these messages and spreading panic across the country which led to a massive exodus. Professor Madhav Nalapat of Manipal University had told rediff.com that the ISI had managed to use the services of persons trained by NATO for the Libyan revolution.
In order to pull down Gaddafi, NATO had trained several persons in this art of creating morphed images so that there would be widespread panic which led to the revolution and Gaddafi's fall. It was a psychological warfare that was used at that time. The same team which helped pull down Gaddafi is now active in Syria, he had pointed out.
Apart from such attacks, India has faced various other threats in cyber space. Websites have been defaced, important data has been stolen from defence installations and systems in the administration have been compromised too.
Click on NEXT for more...
The need for regulation:
Two persons who had helped police in Karnataka and Andhra Pradesh with cracking cyber crime related say that the government deciding to involve private participation is a welcome move. We are more than ready to help out the police.
We had found that there was not much training among the police personnel and this was making it an impossible task for them.
They lack the correct equipment and infrastructure. However as much as we wanted to help, what we realised that is that there was not enough protection for us.
There was not much of an assurance given to us about our protection and this made many of us back out. Unless there is a written law regarding protection of ethical hackers, we do not think many would want to take part in this initiative.